The Hacker News — Cyber Security, Hacking, Technology News

The U.S. Federal Trade Commission has announced a "prize competition" for creating a software or hardware-based solution with the ability to auto-patch vulnerable Internet of Things (IoT) devices.

Today we are surrounded by a number of Internet-connected devices. Our homes are filled with tiny computers embedded in everything from security cameras, TVs and refrigerators to thermostats and door locks.

While IoT is going to improve life for many, the number of security risks due to the lack of stringent security measures and encryption mechanisms in the devices has increased exponentially, giving attackers a large number of entry points to affect you in one way or another.

At that time, Chinese firm Hangzhou Xiongmai Technology admitted its smart products – DVRs and internet-connected cameras – were inadvertently misused to launch the massive DDoS attack against Dyn.

Later, the Chinese firm rolled out patches for security vulnerabilities found in its IoT products, but due to hard-coded passwords and the fact that their makers implemented the devices in a way that they cannot easily be updated, the firm recalled some of its products.

Manufacturers sell IoT devices with no mechanism in place for automated patch updates, so effective patch deployment is a big problem for IoT devices.

This leaves their consumers with unsupported or vulnerable internet-connected devices shortly after purchase. A huge number of devices rely on weak, simple passwords such as 1234, hard-coded passwords, backdoors, and insecure protocols.

Now, in an attempt to find a solution that can be used against security vulnerabilities in IoT systems, the U.S. Federal Trade Commission has announced a "prize competition" for the public, Computerworld reports.

The good news is you can earn up to $25,000 for a technical solution (tool) that "consumers can deploy to guard against security vulnerabilities in software on the Internet of Things devices in their homes."

The FTC is looking for a tool that can perform automatic software updates for Internet-connected devices and keep physical devices up to date as well; some devices will update automatically, while others require users to adjust one or more settings.

The winning tool could be a physical device, an app or a cloud-based service that, at a minimum, will "help protect consumers from security vulnerabilities caused by out-of-date software," said the FTC.

The FTC will announce the winners in July. This new announcement is scheduled to be published Wednesday in the Federal Register.

Arkansas police are seeking help from e-commerce giant Amazon for data that may have been recorded on its Echo device belonging to a suspect in a murder case, bringing the conflict into the realm of the Internet of Things.

Amazon Echo is a voice-activated smart home speaker capable of controlling several smart devices by integrating it with a variety of home automation hubs. It can do tasks like play music, make to-do lists, set alarms, and also provide real-time information such as weather and traffic.

As first reported by The Information, authorities in Bentonville have issued a warrant for Amazon to hand over audio or records from an Echo device belonging to James Andrew Bates in the hope that they'll aid in uncovering additional details about the murder of Victor Collins.

Just as Apple refused to help the FBI unlock an iPhone belonging to one of the San Bernardino terrorists, Amazon also declined to give police any of the information that the Echo logged on its servers.

Collins died on November 21 last year while visiting the house of Bates, his friend from work, in Bentonville, Arkansas. The next morning, Collins' dead body was discovered in a hot tub, and Bates was charged with first-degree murder.

As part of the investigation, authorities seized an Amazon Echo device belonging to Bates, among other internet-connected devices in his home, including a water meter, a Nest thermostat, and a Honeywell alarm system.

Always-ON Listening Feature

Echo typically sits in an idle state with its microphones constantly listening for the "wake" command like "Alexa" or "Amazon" before it begins recording and sending data to Amazon's servers.

However, due to its always-on feature, it's usual for the Echo to activate by mistake and grab snippets of audio that users may not have known were being recorded.

Some of those voice commands are not stored locally on Echo but are instead logged onto Amazon's servers.

Presumably, the authorities believe that those audio records that the Echo device might have picked up the night of the incident and uploaded to Amazon servers could contain evidence related to the case under investigation.

Amazon Refused (Twice) to Hand over its User's Data

Amazon, however, declined to provide any data that the authorities need. Here's what a spokesperson for the company told CNBC:

"Amazon will not release customer information without a valid and binding legal demand properly served on us. Amazon objects to overbroad or otherwise inappropriate demands as a matter of course."

While the online retail giant has twice refused to give police the Echo data logged on its servers, Amazon did provide Bates' account information and purchase history.

The police said they were able to extract data from Echo, though it's uncertain what they were able to uncover and how useful that data would be in their investigation.

According to court records, Bates' smart water meter shows that his home ran 140 gallons of water between 1 AM and 3 AM the night Collins was found dead in Bates' hot tub. The prosecution claims that the water was used to wash away evidence after he killed Collins.

Should Amazon Share the Data or Not?

The authorities in the Collins murder case are asking for data on Amazon's servers that could help bring a criminal to justice. If so, authorities should get access to it.

In the case of Apple vs. FBI, Apple was forced to write backdoor software that could bypass the security mechanism built into its iPhone, while the company had already handed over the data stored on its server.

The broader takeaway: IoT devices automating your habits at home could be used for or against you, legally.

The Collins murder case appears to be the first of its kind, and we are sure to see more such cases in the future.

It will be interesting to see how the companies that make smart home devices will serve their customers while maintaining a balance between keeping their customers' privacy safe and aiding the process of justice.

The Android-based Internet of Things OS is designed to make it easier for developers to build a smart appliance since they will be able to work with Android APIs and Google Services they're already familiar with.

As the Developers page of Android Things says: "If you can build an app, you can build a device."

The Android-based Internet of Things operating system is supposed to run on products like security cameras, connected speakers, and routers.

Android Things is a rebranded version of Google Brillo, an Android-based IoT OS that Google announced in 2015, with added tools like Android Studio, the Android Software Development Kit (SDK), Google Play Services, and Google Cloud Platform.

Unlike Brillo, development on Android Things can be achieved with "the same developer tools as standard Android."

While Android Things supports a subset of the original Android SDK, Application Programming Interfaces (APIs) that require user input or login credentials, like AdMob, Maps, Search, and Sign-In, are not supported.

Just like Android smartphones' OTA update mechanism, developers can push Google-provided operating system upgrades and custom application updates using the same OTA infrastructure that the company uses for its products and services.

Google will soon be adding support for Weave – Google's IoT communications protocol that helps devices connect to Google Cloud services for setup and communicate with other gadgets.

Weave Server will handle device registration, storing of states, command propagation, and integration with Google services such as Google Assistant. For local and remote communication, Weave SDK will be embedded in the devices.

At this moment, Weave SDK supports schemas for light bulbs, thermostats, and smart plugs and switches, with more device types coming soon.

According to Google, SmartThings and Hue are already using Weave protocol to connect to the Google Assistant, while "Belkin WeMo, LiFX, Honeywell, Wink, TP-Link, First Alert, and more" are also working on adopting Weave.

Google's developer preview of the IoT OS is offering support for the Intel Edison, NXP Pico, and Raspberry Pi 3, so developers can build products using these hardware development kits.

Additional certified devices will soon be added by the general availability of Android Things.

You can get started with Android Things, which is currently in Developer Preview.

How many Internet-connected devices do you have in your home? I am surrounded by around 25 such devices.

It's not just your PC, smartphone, and tablet that are connected to the Internet. Today our homes are filled with tiny computers embedded in everything from security cameras, TVs and refrigerators to thermostats and door locks.

However, when it comes to security, people generally neglect to protect all these connected devices and focus on securing their PCs and smartphones with good antivirus software or a firewall application.

What if any of these connected devices that are poorly configured or insecure by design gets hacked?

It would give hackers unauthorized access to your whole network allowing them to compromise other devices connected to the same network, spy on your activities and steal sensitive information by using various sophisticated hacks.

IoT threats have risen enormously in the past few months, especially DDoS-based botnets and ransomware attacks, which have shaken the digital world.

Can You Protect Your Entire Home Network?

While IoT manufacturers and Internet standard creators have a huge role to play in securing these vulnerable devices, consumers must also take some personal responsibility in protecting their own devices.

There are numerous security articles available on the Internet providing useful recommendations for securing your smart devices.

But when it comes to manually addressing all IoT security issues, it is not possible for all users, especially non-techies, to understand and fix them without time and effort. Moreover, it is also annoying to regularly check and update every single device.

One Device to Secure Your Entire Home Network and Connected Devices

The new Bitdefender BOX is a tiny hardware-based security solution designed to include a network firewall, an intrusion prevention system, a vulnerability scanner and an antivirus solution.

Setting up the Bitdefender BOX is quite easy. This tiny box can be connected to your existing internet router to monitor all the Internet traffic and connected devices in real-time, preventing unauthorized access to your home network.

1. Network and Wi-Fi Security

Once connected, Bitdefender BOX automatically scans your network and makes a list of everything that is connected to it in order to protect and monitor things.

To identify known malicious patterns designed to disrupt or spy on you, Bitdefender BOX continually intercepts and scans only the essential parts of the data packets that flow in and out of your network.

One of the major benefits of Bitdefender BOX is that it automatically keeps an eye on every device that joins your network, whether it belongs to you, a guest, or a hacker.

When a new device logs into your network, Bitdefender BOX automatically alerts you with a pop-up on your phone, allowing you to quickly kick malicious users off your network with just a single tap.

Bitdefender BOX also provides antivirus protection via Bitdefender's cloud-based threat intelligence network for every device on your network, alerting you to every attempted intrusion or malware that comes from the Internet.

Bitdefender's Total Security Multi-Device (TSMD) is a complete cyber security solution that protects your standard devices – laptops, desktops, smartphones and tablets – across Windows, Mac OS, and Android platforms. Bitdefender BOX comes with a one-year subscription to TSMD, as well as the freedom to deploy it to an unlimited number of devices. That means you can protect every classic device in your network – all with this powerful, award-winning software.

However, what if you are not at home within the range of your home network?

Don't worry about it, because Bitdefender BOX will secure your device remotely outside of the range using a VPN (virtual private network) connection between the agent and BOX, routing all your traffic and analyzing it for any threat.

Bitdefender BOX also protects all your connected devices from man-in-the-middle (MITM) and other cyber-attacks when you connect to insecure networks, such as public Wi-Fi hotspots.

Bitdefender BOX also has ransomware protection built in, protecting your network from ransomware attacks. Ransomware is a nasty program that locks your files and demands a ransom to be paid in Bitcoins, which is the only way to get back your files.

3. Built-in Vulnerability Assessment Tool

Bitdefender BOX also comes with a vulnerability scanner that scans every device on your home network to find any weak spots that can compromise the integrity of the network.

Bitdefender BOX checks for your password strength, firmware version and any vulnerability that can be used as a backdoor to gain remote access or unauthorized access to your connected devices or network equipment, steal your data or launch attacks.

If you want to review the status of your connected devices and address detected issues, just click the Vulnerable Devices button in the BOX app and keep your network safe.

4. Behavior-based Threat Detection

Want more? The BOX can also smell a rat.

Yes, this little gadget also notices the suspicious behavior of any device on your network and protects other devices on the same network from unauthorized access and tampering.

Most behavioral security solutions are usually designed for large, highly distributed networks run by large organizations and government agencies, but Bitdefender BOX brings the same level of security for your home network.

Bitdefender Active Threat Control has been designed to detect never-before-seen threats and classify advanced malware, including variants of known and unknown threat families, in real time using machine learning and behavior-based threat analysis, improving the security and privacy of your connected devices.

Bitdefender BOX – Should You Buy It?

With these impressive features, Bitdefender BOX is a win-win product for your smart home network, which guards and protects your home environment from every single threat, whether it's a hacker, malware, an intruder or a guest.

The BOX supports all devices running iOS 9 and later, Android 4.1 and later and Windows 7 (SP1) and later (32 and 64 bit).

Usually, Bitdefender BOX comes at $199, but the company is currently offering a $70 discount. So, you can buy it at $129.

Bitdefender BOX is well worth every single penny for those who want security protection for all of their devices, including smart home gadgets, plus antivirus for PCs, Mac and Android.

Other Quick Ways (Manual) to Protect your IoT Devices

Meanwhile, there are some typical manual ways that you should consider to protect your smart device from being hacked. You can follow these simple steps:

1. Change Default Passwords: If you have got any internet-connected device at home or work, change your credentials if it still uses default ones. Changing those passwords periodically is also not a bad idea.

2. Disable Universal Plug-and-Play (UPnP): UPnP comes enabled by default on every internet-connected device, creating a hole in your router's security that could allow malware to infiltrate any part of your local network. So, check for "Universal Plug and Play" features and turn them OFF.

3. Disable Remote Management through Telnet: Go into your router's settings and disable Remote Management Protocol, specifically through Telnet, because this protocol is used for allowing one computer to control another from a remote location. It has also been used in previous Mirai attacks.

4. Check for Software Updates and Patches: Last but not least, always keep your internet-connected devices and routers up-to-date with the latest vendor firmware.
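To verify step 3 on devices you own, the following added example (not code from the article or from any vendor) connects to each address and reports whether something answers with a Telnet option negotiation. Port 2323 as an alternate Telnet port and the loopback listener standing in for a device are assumptions made for the example.

```python
import socket
import threading

# Telnet servers usually open with option negotiation (RFC 854):
# the IAC byte followed by one of WILL / WONT / DO / DONT.
IAC = 0xFF
NEGOTIATION_VERBS = {0xFB, 0xFC, 0xFD, 0xFE}

# 23 is the standard Telnet port; 2323 is an assumed common alternate.
DEFAULT_PORTS = (23, 2323)


def probe_telnet(host, port, timeout=2.0):
    """Return 'closed-or-filtered', 'telnet' or 'open-unknown' for one port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        # Refused, unreachable or timed out: nothing is reachable here.
        return "closed-or-filtered"
    with sock:
        try:
            banner = sock.recv(64)
        except OSError:
            # Port is open but the service stayed silent or reset us.
            banner = b""
    if len(banner) >= 2 and banner[0] == IAC and banner[1] in NEGOTIATION_VERBS:
        return "telnet"
    # Open, but the greeting is not Telnet negotiation: review by hand.
    return "open-unknown"


def audit(hosts, ports=DEFAULT_PORTS, timeout=2.0):
    """Probe every host/port pair and return only the reachable ones."""
    findings = []
    for host in hosts:
        for port in ports:
            state = probe_telnet(host, port, timeout)
            if state != "closed-or-filtered":
                findings.append((host, port, state))
    return findings


def start_fake_device(greeting):
    """Constructed stand-in for a device: a loopback listener that sends
    `greeting` to every client. Returns the listening socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0 = let the OS pick a free port
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(greeting)

    threading.Thread(target=serve, daemon=True).start()
    return srv


if __name__ == "__main__":
    # Offline demonstration against the constructed listener. For a real
    # check, pass the addresses of your own devices and DEFAULT_PORTS.
    device = start_fake_device(b"\xff\xfd\x18\xff\xfb\x01login: ")
    demo_port = device.getsockname()[1]
    for host, port, state in audit(["127.0.0.1"], ports=(demo_port,)):
        print(f"{host}:{port} -> {state}")
```

Any device reported as `telnet` should have remote management disabled in its settings; an `open-unknown` result on a Telnet port still deserves a manual look.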

Don't forget that every single customer in the IoT device chain is responsible for the security of their own point of connection as well as beyond.

Moreover, when it comes to small-area or city-wide IoT implementations, anything connected to the Internet must be secured before being brought onto the network.

Distributed Denial of Service (DDoS) attacks have risen enormously in the past few months and, mostly, they are coming from hacked and insecure internet-connected devices, commonly known as the Internet of Things (IoT).

The recent DDoS attack against DNS provider Dyn that brought down a large chunk of the Internet came from hacked and vulnerable IoT devices such as DVRs, security cameras, and smart home appliances.

This DDoS was the biggest cyber attack the world has ever seen.

Now, in the latest incident, at least five Russian banks have been subject to a swathe of DDoS attacks for two days, said the Russian banking regulator.

The state-owned Sberbank was one of the five targets of the attacks, which began last Tuesday afternoon and lasted over the next two days.

According to Kaspersky Lab, the longest attack lasted for 12 hours, peaked at 660,000 requests per second, and came from a botnet of at least 24,000 hacked devices located in 30 countries.

Although the culprit appears to be using hacked and insecure IoT devices such as CCTV cameras or digital video recorders, Kaspersky Lab believes that the latest attack does not look like the work of the "Mirai IoT botnet" — the one used to disrupt the Dyn DNS service.

Mirai is a piece of nasty malware that scans for IoT devices that have weak factory default settings (hard-coded usernames and passwords), converts them into bots, and then uses them to launch DDoS attacks.

In a statement, a Sberbank representative said the bank managed to neutralize the cyber attack without disturbing the ongoing operation of its website, adding that the latest DDoS attacks were among the largest the bank had ever seen, RT reports.

Another Russian bank, Alfabank, has also confirmed the DDoS attack, though it called the attack weak. The bank's representative told RIA Novosti that "there was an attack, but it was relatively weak. It did not affect Alfabank's business systems in any way."

Kaspersky said more than half of the IoT botnet devices were situated in the United States, India, Taiwan, and Israel. To gain control over the devices, the hackers took advantage of smart devices that use easy-to-guess passwords.

Security researchers are continually pointing out serious threats from new connected devices that have been rushed to market with poor, or no, security implementations.

Just last week, the DDoS attack through hacked IoT devices led to the disruption of the heating systems for at least two apartments in the city of Lappeenranta, literally leaving their residents in subzero weather.

Keeping in mind the rise in the number of insecure IoT devices, it is entirely possible that the next round of attacks emerging from IoT-based botnets could be orders of magnitude larger, so much so that it could even take down our cities if we let it.

So the best way to protect your smart devices from being part of a DDoS botnet is to be more vigilant about the security of your internet-connected devices. Change the default settings and credentials of your devices and always protect your devices behind a firewall.

Although IoT manufacturers and Internet standard creators have a huge role to play in securing these vulnerable devices, consumers must also take some personal responsibility for safeguarding their own devices.

Just imagine: what if you come home from the chilling weather outside and the heating system fails to work because of a cyber attack, leaving you in a panic?

The same happened late last month when an attack knocked heating systems offline in Finland.

Last week, a Distributed Denial of Service (DDoS) attack led to the disruption of the heating systems for at least two housing blocks in the city of Lappeenranta, literally leaving their residents in subzero weather.

Both buildings are managed by Valtia, a facilities services company headquartered in Lappeenranta.

Valtia CEO Simo Rounela confirmed to English-language news outlet Metropolitan.fi that the central heating system and hot water system in both buildings had become a target of DDoS attacks.

In an attempt to fight back the cyber attacks, which lasted only a short time, the automated systems rebooted and unfortunately got stuck in an endless loop, restarting repeatedly and eventually shutting down the heating systems for more than a week.

The incident is extremely worrying because in a location as cold as Finland – where temperatures at this time of year are below freezing – taking heating systems offline for over a week could result in death, particularly among elderly people.

Fortunately for the buildings' residents, it was not that cold in Lappeenranta.

The attack started in late October and ended on the afternoon of 3rd November. Here's what a brief post on the company's website reads:

"Over 90 percent of the [remote systems] in the area of terraced houses or larger buildings will not send an alarm at the moment, even if the heat is switched off or radiator pressure disappears," as the systems are designed to shut down for safety. "The systems must be actively monitored and adjusted."

According to another local media outlet, Helsingin Sanomat, Valtia quickly relocated those affected systems and switched the heating systems over to manual, while the company addressed the DDoS attacks and brought the control systems "back into the grid, this time from behind a firewall."

Dangerous Threats of Massive IoT Botnets

Mirai botnet malware scans for insecure IoT devices, like security cameras, DVRs, and routers, that use their default passwords and then enslaves them into a botnet, which is then used to launch DDoS attacks.

The latest incident isn't a disastrous situation, but it is enough to make it crystal clear that these Internet-connected systems can have significant consequences in our physical world as well.

Just imagine if these control systems could not be manually adjusted by the people who truly rely on them.

In this case, any cyber attack that knocks these systems down is potentially dangerous and even deadly in the event of extreme temperatures.

This incident once again highlights the dangerous threat of massive DDoS attacks, which are now emerging from millions of insecure Internet of Things (IoT) devices, whereby attackers can simply launch a DDoS to take down any critical service – no need to infect it with malware or viruses.

So the best way to protect your smart devices from being part of a DDoS botnet is to be more vigilant about the security of your internet-connected devices.

On Thursday, we compiled a story based on research published by a British security expert reporting that some cyber criminals are apparently using Mirai Botnet to conduct DDoS attacks against the telecommunication companies in Liberia, a small African country.

In his blog post, Kevin Beaumont claimed that a Liberian transit provider confirmed to him a DDoS attack of more than 500 Gbps targeting one undersea cable servicing Internet connectivity for the entire country.

Later, some media outlets also confirmed that the DDoS attack caused Internet outages in some parts of the country, citing 'slow Internet' and 'total outage' experienced by some local sources and citizens.

"The DDoS is killing our business. We have a challenge with the DDoS. We are hoping someone can stop it. It's killing our revenue. Our business has frequently been targeted" an employee with one Liberian mobile service provider told PC World.

Network firm Level 3 confirmed to Zack Whittaker of ZDNet that it had seen attacks on telecoms companies in Liberia making access to the web spotty. Other reports suggested mobile net access was affected too.

"At first I thought it was a problem with my internet provider, which often suffers from slow speeds. But this feels more serious. Even when you do get online, the connection repeatedly cuts out." BBC Africa's Jonathan Paye-Layleh in Liberia shared his experience.

Of course, given the high level of concern, the story went viral and Kevin's research was covered by other media outlets, including BBC, PC World, The Guardian, Forbes, IBtimes, Quartz, and Mashable, although a few of them interpreted the incident incorrectly and claimed that the attack took down the entire country's Internet.

In our article, we explicitly mentioned multiple times that criminals are "using Mirai Botnet to shut down the Internet for an entire country" and "trying to take down the Internet of Liberia."

The only mistake in our previous article was the image caption which briefly said, "DDoS takes down entire country offline." We apologize to our readers for an incorrect image caption, which has now been corrected.

Latest Insights On Liberia DDoS Attack Story

After Kevin’s story, some new developments with more insights have appeared.

Doug Madory, the Director of Internet Analysis at Dyn Research tweeted that DYN and Internet-infrastructure company Akamai have no data that supports any nationwide Internet outage in Liberia.

The Hacker News has also been contacted by Kpetermeni Siakor, who manages infrastructure at the Liberia Internet Exchange Point, stating that only Lonestarcell MTN, one of the country's four major telecommunication companies, faced 500 Gbps of DDoS attack for a short period, which was mitigated successfully.

"From inspecting our logs at the Liberia IXP, we didn't see any downtime in the past three weeks. The general manager of the CCL also couldn't confirm any issues with the ACE cable," Siakor said.

If just 100,000 Mirai bots were successful in knocking the majority of the Internet offline two weeks ago, imagine how easy it could be for millions of bots to DDoS the ACE submarine fiber-optic cable, whose total capacity of just 5.12 Tbps is shared between all of the 23 countries, including Liberia.

So, when we said that someone was trying to take the entire country down, we meant that cyber criminals have the capacity to do so, and the fact that they have targeted one network operator does not mean they would not attack other network operators, which could impact Internet services in the country.

Mirai Malware Threat: Protect Your IoT Devices

The incidents involving the Mirai malware are extremely worrying because it can take over insecure cameras, DVRs, and routers, which are widely available all around the world, thanks to lazy manufacturers and customers.

Mirai malware scans for Internet of Things (IoT) devices that are still using their default passwords and then enslaves those devices into a botnet, which is then used to launch DDoS attacks.

So, the best way to protect yourself and your devices is to be more vigilant about the security of your smart devices.

In our previous article, we provided some basic, rather practical, solutions that will help you protect your IoT devices from becoming part of the Mirai botnet. You can also check for yourself whether your IoT device is vulnerable to Mirai malware.

Note — We have published an updated article on what really happened behind the alleged DDoS attack against Liberia using Mirai botnet.

Someone is trying to take down the whole Internet of a country, and partially succeeded, by launching massive distributed denial-of-service (DDoS) attacks using a botnet of insecure IoT devices infected by the Mirai malware.

It all started in early October when a cyber criminal publicly released the source code of Mirai – a piece of nasty IoT malware designed to scan for insecure IoT devices and enslave them into a botnet, which is then used to launch DDoS attacks.

Experts believe that future DDoS attacks could reach 10 Tbps, which is enough to take down the whole Internet in any nation state.

One such incident has been under way for the past week, in which hackers are trying to take down the entire Internet of Liberia, a small African country, using another Mirai IoT botnet known as Botnet 14.

Security researcher Kevin Beaumont has noticed that Botnet 14 has begun launching DDoS attacks against the networks of "Lonestar Cell MTN", the telecommunication company which provides the Internet to 10-15% of Liberia via a single entry point from an undersea fiber cable.

"From monitoring, we can see websites hosted in country going offline during the attacks — Additionally, a source in country at a Telco has confirmed to a journalist they are seeing intermittent internet connectivity, at times which directly match the attack," Beaumont said in a blog post published today.

According to Beaumont, transit providers confirm that the attacks were over 500 Gbps in size, but lasted for a short period. This volume of traffic indicates that the "Shadows Kill" Botnet, as the researcher called it, is "owned by the actor which attacked Dyn."

Why Is Taking Down Liberia's Internet Easy?

Over a decade of civil war in Liberia destroyed the country's telecommunications infrastructure, and at that time a very small portion of citizens in Liberia had access to the internet via satellite communication.

However, some progress was made later in 2011 when a 17,000 km Africa Coast to Europe (ACE) submarine fiber-optic cable was deployed from France to Cape Town, via the west coast of Africa.

The ACE fiber cable, at depths close to 6,000 meters below sea level, eventually provides broadband connectivity to 23 countries in Europe and Africa.

What's shocking? The total capacity of this cable is just 5.12 Tbps, which is shared between all of the 23 countries.

Since the massive DDoS attack against DynDNS used a Mirai botnet of just 100,000 hacked IoT devices to close down the Internet for millions of users, one can imagine the capability of the more than 1 million hacked IoT devices that are currently under the control of the Mirai malware, which is enough to severely impact systems in any nation state.

This is extremely worrying because, with this capacity, an attacker could disrupt the Internet services not just in Liberia but in all 23 countries in Europe and Africa that rely on the ACE fiber cable for their internet connectivity.

So, in order to protect yourself, you need to be more vigilant about the security of your smart devices because they are dumber than one can ever be.

In our previous article, we provided some basic, rather effective, solutions, which would help you protect your smart devices from becoming part of the Mirai botnet. You can also check for yourself whether your IoT device is vulnerable to Mirai malware. Head on to this article.

The whole world is still dealing with the Mirai IoT Botnet that caused a vast internet outage last Friday by launching massive distributed denial of service (DDoS) attacks against the DNS provider Dyn, and researchers have found another nasty IoT botnet.

Security researchers at MalwareMustDie have discovered a new malware family designed to turn Linux-based insecure Internet of Things (IoT) devices into a botnet to carry out massive DDoS attacks.

Dubbed Linux/IRCTelnet, the nasty malware is written in C++ and, just like Mirai malware, relies on default hard-coded passwords in an effort to infect vulnerable Linux-based IoT devices.

The IRCTelnet malware works by brute-forcing a device's Telnet ports, infecting the device's operating system, and then adding it to a botnet network which is controlled through IRC (Internet Relay Chat) – an application layer protocol that enables communication in the form of text.

So, every infected bot (IoT device) connects to a malicious IRC channel and reads commands sent from a command-and-control server.

The concept of using IRC for managing the bots, according to the researchers, is borrowed from the Kaiten malware. The source code used to build the IRCTelnet botnet malware is based on the earlier Aidra botnet.

The malware uses the vulnerable IoT device login credentials "leaked" from the Mirai botnet to brute-force Telnet ports exposed to the Internet.

The IRCTelnet malware infects insecure devices running Linux kernel version 2.6.32 or above and is capable of launching DDoS attacks with spoofed IPv4 and IPv6 addresses, though the scanner is programmed only to find and brute-force Telnet via IPv4.
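One way a network owner can spot a device on their own LAN doing this kind of Telnet scanning, as an added example that is not from the article or the researchers: it counts how many distinct external addresses each LAN device contacts on TCP port 23 within a sliding window. The flow-record format, the LAN range, the window and the threshold are assumptions, and the sample records are constructed.

```python
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumption: the monitored home/office range
TELNET_PORTS = {23}                 # Telnet's standard TCP port
WINDOW = 60                         # seconds; assumed tuning value
THRESHOLD = 20                      # distinct targets per window; assumed tuning value


def parse_flows(lines):
    """Parse 'epoch src dst dport' records; skip comments and malformed lines."""
    flows = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or line.lstrip().startswith("#"):
            continue
        try:
            flows.append((float(parts[0]), ip_address(parts[1]),
                          ip_address(parts[2]), int(parts[3])))
        except ValueError:
            continue
    return flows


def peak_telnet_fanout(flows, lan=LAN, ports=TELNET_PORTS, window=WINDOW):
    """Return {lan_host: most distinct external Telnet targets seen in any window}."""
    per_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        # Only LAN devices opening Telnet connections to hosts outside the LAN count.
        if dport in ports and src in lan and dst not in lan:
            per_src[src].append((ts, dst))
    peaks = {}
    for src, events in per_src.items():
        events.sort(key=lambda e: e[0])
        in_window, left, peak = Counter(), 0, 0
        for ts, dst in events:
            in_window[dst] += 1
            # Drop events that have fallen out of the sliding window.
            while events[left][0] < ts - window:
                old = events[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        peaks[str(src)] = peak
    return peaks


def suspected_scanners(lines, threshold=THRESHOLD):
    """LAN hosts whose Telnet fan-out reaches the threshold, sorted."""
    peaks = peak_telnet_fanout(parse_flows(lines))
    return sorted(ip for ip, peak in peaks.items() if peak >= threshold)


def constructed_sample():
    """Constructed flow records (documentation address ranges), not real traffic."""
    lines = ["# epoch src dst dport"]
    # Camera sweeping 30 different addresses on tcp/23 within 30 seconds.
    lines += [f"{1000 + i} 192.168.1.50 198.51.100.{i + 1} 23" for i in range(30)]
    # Laptop: repeated Telnet sessions to one host, plus one HTTPS flow.
    lines += [f"{1000 + 5 * i} 192.168.1.10 203.0.113.7 23" for i in range(25)]
    lines += ["1010 192.168.1.10 203.0.113.9 443"]
    # Device reaching 30 hosts, but only one every ten minutes.
    lines += [f"{1000 + 600 * i} 192.168.1.60 203.0.113.{i + 1} 23" for i in range(30)]
    # LAN-to-LAN Telnet is out of scope for this check.
    lines += [f"{1000 + i} 192.168.1.70 192.168.1.{i + 100} 23" for i in range(30)]
    lines += ["truncated record"]
    return lines


if __name__ == "__main__":
    for host in suspected_scanners(constructed_sample()):
        print("possible Telnet scanner on LAN:", host)
```

A slow scanner stays under a short window, as the 192.168.1.60 records show, so a longer window with a matching threshold is worth running alongside it.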

"The botnet is having DoS attack mechanism like UDP flood, TCP flood, along with other attack methods, in both IPv4 and IPv6 protocol, with extra IP spoof option in IPv4 or IPv6 too," the researchers note in a blog post.

While analyzing the malware's source code, researchers found hard-coded Italian language messages in the user's communication interface, which suggests that the author of the IRCTelnet malware could be Italian.

The security firm found around 3,400 bots infected by the IRCTelnet malware and said that this nasty malware is capable of raising almost 3,500 bot clients within only 5 days.

The initial scans that distributed the IRCTelnet malware came from IP addresses located in Turkey, Moldova, and the Philippines.

Building a legendary, massive botnet that leverages the recently vulnerable threat landscape invites more incidents like the recent DDoS attack against Dyn that rendered major websites inaccessible and the record-breaking DDoS attack against French Internet service and hosting provider OVH.

The infamous botnet that was used in the recent massive distributed denial of service (DDoS) attacks against the popular DNS provider Dyn, causing a vast internet outage last Friday, is itself flawed.

Yes, the Mirai malware, which has already enslaved millions of Internet of Things (IoT) devices across 164 countries, contains several vulnerabilities that might be used against it in order to destroy the botnet's DDoS capabilities and mitigate future attacks.

In early October, the developer of the malware publicly released the source code of Mirai, which is designed to scan for IoT devices – mostly routers, cameras, and DVRs – that are still using their default passwords and then enslave them into a botnet, which is then used to launch DDoS attacks.

However, after a close look at the source code, a researcher discovered three vulnerabilities, one of which could be used to shut down Mirai's ability to flood targets with HTTP requests.

A stack buffer overflow vulnerability was found by Scott Tenaglia, a researcher at endpoint security firm Invincea, in the segment of Mirai's code that carries out HTTP flood attacks.

However, if exploited, the vulnerability could crash the attack process, thereby terminating the attack from that bot (infected IoT device), but leaving that compromised device intact and running.

Tenaglia has publicly released the exploit, saying it would not have helped in the recent DNS-based DDoS attack against Dyn that rendered major websites inaccessible, but would shut down the Layer 7 attack capabilities present in Mirai.

"This simple 'exploit' is an example of active defense against an IoT botnet that could be used by any DDoS mitigation service to guard against a Mirai-based HTTP flood attack in real time," Tenaglia writes in a blog post. "Although it cannot be used to remove the bot from the IoT device, it can be used to halt the attack originating from that particular device."

Legal Concerns of Hacking Back:

However, exploiting this vulnerability means hacking back tens of hundreds of IoT devices, which is a controversial and illegitimate approach and could put defenders in a gray area.

Hacking back involves making changes to systems across various countries without permission from a device's owner, an ISP or its carrier, and Invincea adds a disclaimer on its research, saying it is not advocating a counterattack.

But since the flaw has the capability of thwarting the threat, white-hat vigilante hackers can silently use this vulnerability against the malware and take Mirai-infected devices away from the criminals.

As we have seen numerous court-ordered botnet takedowns in the past, the authorities can get a court order and hack back Mirai-compromised devices in order to shut down the infamous botnets.

The DDoS attack that hit French Internet service and hosting provider OVH with 1.1 Tbps of junk traffic, which is the largest DDoS attack known to date, also came from Mirai bots.

Guess how many devices participated in last Friday's massive DDoS attack against DNS provider Dyn that caused a vast internet outage?

Just 100,000 devices.

I did not miss any zeros.

Dyn disclosed on Wednesday that a botnet of an estimated 100,000 internet-connected devices was hijacked to flood its systems with unwanted requests and close down the Internet for millions of users.

Dyn executive vice president Scott Hilton has issued a statement, saying all compromised devices have been infected with the notorious Mirai malware, which has the ability to take over cameras, DVRs, and routers.

"We're still working on analyzing the data but the estimate at the time of this report is up to 100,000 malicious endpoints," Hilton said. "We are able to confirm that a significant volume of attack traffic originated from Mirai-based botnets."

Mirai malware scans for Internet of Things (IoT) devices that are still using their default passwords and then enslaves those devices into a botnet, which is then used to launch DDoS attacks.

A day after the attack, Dyn confirmed that a botnet of Mirai malware-infected devices had participated in Friday's Distributed Denial of Service attacks.

However, after an initial analysis of the junk traffic, just yesterday, the company revealed that it had identified an estimated 100,000 sources of malicious DDoS traffic, all originating from IoT devices compromised by the Mirai malware.

Earlier, the company believed that approximately "tens of millions" of IP addresses were responsible for the massive attack against its crucial systems, but the actual number turned out to be much, much lower, leaving all of us wondering:

How did the Attack Succeed to this Massive Level?

To this, Hilton said that the Domain Name System protocol itself has the ability to amplify requests from legitimate sources.

"For example, the impact of the attack generated a storm of legitimate retry activity as recursive servers attempted to refresh their caches, creating 10-20X normal traffic volume across a large number of IP addresses," Hilton said. "When DNS traffic congestion occurs, legitimate retries can further contribute to traffic volume."

"It appears the malicious attacks were sourced from at least one botnet, with the retry storm providing a false indicator of a significantly larger set of endpoints than we now know it to be."

Friday's cyber attack overwhelmed Dyn's central role in routing and managing Internet traffic, rendering hundreds of sites and services, including Twitter, GitHub, Amazon, Netflix, Pinterest, Etsy, Reddit, PayPal, and AirBnb, inaccessible to millions of people worldwide for several hours.

Dyn did not disclose the actual size of the attack, but it has been speculated that the DDoS attack could be much bigger than the one that hit French Internet service and hosting provider OVH that peaked at 1.1 Tbps, which is the largest DDoS attack known to date.

According to the company, this attack has opened up an important debate about Internet security and volatility.

"Not only has it highlighted vulnerabilities in the security of 'Internet of Things' (IOT) devices that need to be addressed, but it has also sparked further dialogue in the Internet infrastructure community about the future of the Internet," Hilton said.

Next DDoS Attack could reach Tens Of Terabits-Per-Second

If IoT security is not taken seriously, future DDoS attacks could reach tens of terabits-per-second, as estimated by network security firm Corero.

The DDoS threat landscape is skyrocketing and could reach tens of terabits-per-second in size, following a discovery of a new zero-day attack vector that has the ability to amplify DDoS attacks by as much as 55x, Corero warned in a blog post published Tuesday.

According to the security firm, this new attack vector uses the Lightweight Directory Access Protocol (LDAP), which if combined with an IoT botnet, could break records in DDoS power.

Dave Larson of Corero explains:

"LDAP is not the first, and will not be the last, protocol or service to be exploited in this fashion. Novel amplification attacks like this occur because there are so many open services on the Internet that will respond to spoofed record queries. However, a lot of these attacks could be eased by proper service provider hygiene, by correctly identifying spoofed IP addresses before these requests are admitted to the network."

You can read more on Corero's official website.

How to Protect your Smart Device from being Hacked

1. Change Default Passwords of your connected devices: If you have got any internet-connected device at home or work, change your credentials if it still uses default ones. Keep in mind; Mirai malware scans for default settings.

2. Disable Universal Plug-and-Play (UPnP): UPnP comes enabled by default in every IoT device, which creates a hole in your router's security, allowing malware to infiltrate any part of your local network.

Check for "Universal Plug and Play" features and turn them OFF.

3. Disable Remote Management through Telnet: Go into your router’s settings and disable remote management protocol, specifically through Telnet, as this is a protocol used for allowing one computer to control another from a remote location. It has also been used in previous Mirai attacks.

4. Check for Software Updates and Patches: Last but not least, always keep your connected devices and routers up-to-date with the latest vendor firmware.

Check if your IoT device is vulnerable to Mirai malware

There is an online tool called Bullguard's IoT Scanner that can help you check if any IoT device over your network is vulnerable to Mirai malware.

If it detects any, contact the device's manufacturer or look out for a solution to patch those vulnerable gaps.

The tool makes use of the vulnerability scanning service Shodan for finding unprotected computers and webcams on your home network that are exposed to the public and potentially accessible to hackers.

You might be surprised to know that your security cameras, Internet-connected toasters and refrigerators may have inadvertently participated in the massive cyber attack that broke a large portion of the Internet on Friday.

That's due to massive Distributed Denial of Service (DDoS) attacks against Dyn, a major domain name system (DNS) provider that many sites and services use as their upstream DNS provider for turning IP addresses into human-readable websites.

The result we all know:

Twitter, GitHub, Amazon, Netflix, Pinterest, Etsy, Reddit, PayPal, and AirBnb were among hundreds of sites and services that were rendered inaccessible to millions of people worldwide for several hours.

Why and How the Deadliest DDoS Attack Happened

It was reported that the Mirai bots were used in the massive DDoS attacks against DynDNS, but they "were separate and distinct" bots from those used to execute the record-breaking DDoS attack against French Internet service and hosting provider OVH.

Here's why: Initially, the source code of the Mirai malware was limited to a small number of hackers who were aware of the underground hacking forum where it was released.

But later, the link to the Mirai source code suddenly received a huge promotion from thousands of media websites after it got exclusively publicized by journalist Brian Krebs on his personal blog.

Due to the worldwide news release and promotion, copycat hackers and unprofessional hackers are now creating their own botnet networks by hacking millions of smart devices to launch DDoS attacks, as well as to make money by selling their botnets as DDoS-for-hire service.

Mirai malware is designed to scan for Internet of Things (IoT) devices – mostly routers, security cameras, DVRs or WebIP cameras, Linux servers, and devices running Busybox – that are still using their default passwords. It enslaves vast numbers of these devices into a botnet, which is then used to launch DDoS attacks.

Chinese Firm Admits Its Hacked DVRs and Cameras Were Behind Largest DDoS Attack

More such attacks are expected to happen and will not stop until IoT manufacturers take the security of these Internet-connected devices seriously.

One such IoT electronics manufacturer is Chinese firm Hangzhou Xiongmai Technology, which admitted its products – DVRs and internet-connected cameras – inadvertently played a role in Friday's massive cyber attack against DynDNS.

The Mirai malware can easily be removed from infected devices by rebooting them, but the devices will end up infected again in a matter of minutes if their owners and manufacturers do not take proper measures to protect them.

What's worse? Some of these devices, which include connected devices from Xiongmai, cannot be protected because of hardcoded passwords and the fact that their makers implemented them in a way that they cannot easily be updated.

"Mirai is a huge disaster for the Internet of Things," the company confirmed to IDG News. "[We] have to admit that our products also suffered from hacker's break-in and illegal use."

The company claimed to have rolled out patches for security vulnerabilities, involving weak default passwords, which allowed the Mirai malware to infect its products and use them to launch the massive DDoS attack against DynDNS.

However, Xiongmai products that are running older versions of the firmware are still vulnerable. To tackle this issue, the company has advised its customers to update their product's firmware and change their default credentials.

The electronics components firm would also recall some of its earlier products, specifically webcam models, sold in the US and send customers a patch for products made before April last year, Xiongmai said in a statement on its official microblog.

Hackers are selling IoT-based Botnet capable of 1 Tbps DDoS Attack

Even worse is expected:

Friday's DDoS attack that knocked down half of the Internet in the U.S. is just the beginning, because hackers have started selling access to a huge army of hacked IoT devices designed to launch attacks that are capable of severely disrupting any web service.

Anyone could buy 50,000 bots for $4,600, and 100,000 bots for $7,500, which can be combined to overwhelm targets with data.

Hacker groups have long sold access to botnets as a DDoS weapon for hire – like the infamous Lizard Squad's DDoS attack tool Lizard Stresser – but those botnets consisted largely of compromised vulnerable routers, and not IoT devices like connected cameras, toasters, fridges and kettles (which are now available in bulk).

In a separate disclosure, a hacking group calling itself New World Hackers has also claimed responsibility for Friday's DDoS attacks, though it is not confirmed yet.

New World Hackers is the same group that briefly knocked the BBC offline last year. The group claimed to be a hacktivist collective with members in China, Russia, and India.

Well, who is behind Friday's cyber attack is still unclear. The US Department of Homeland Security (DHS) and the FBI are investigating the DDoS attacks that hit DynDNS, but neither agency has yet speculated on who might be behind them.

The DynDNS DDoS attack has already shown the danger of IoT-based botnets, alarming both IoT manufacturers to start caring about implementing security on their products, and end users to start caring about the basic safety of their connected devices.

A massive Distributed Denial of Service (DDoS) attack against Dyn, a major domain name system (DNS) provider, broke large portions of the Internet on Friday, causing a significant outage to a ton of websites and services, including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, and Spotify.

But how did the attack happen? What's the cause behind the attack?

Exact details of the attack remain vague, but Dyn reported a huge army of hijacked internet-connected devices could be responsible for the massive attack.

Yes, the same method recently employed by hackers to carry out the record-breaking DDoS attack of over 1 Tbps against France-based hosting provider OVH.

According to security intelligence firm Flashpoint, Mirai bots were detected driving much, but not necessarily all, of the traffic in the DDoS attacks against DynDNS.

Mirai is a piece of malware that targets Internet of Things (IoT) devices such as routers, security cameras, and DVRs, and enslaves vast numbers of these compromised devices into a botnet, which is then used to conduct DDoS attacks.

This time hackers did not target an individual site, rather they attacked Dyn that many sites and services are using as their upstream DNS provider for turning internet protocol (IP) addresses into human-readable websites.

The result we all know: Major sites and services including Twitter, GitHub, Reddit, PayPal, Amazon, AirBnb, Netflix, Pinterest, and so on, were among hundreds of services rendered inaccessible to millions of people worldwide for several hours on Friday.

"Flashpoint has confirmed that at least some of the devices used in the Dyn DNS attacks are DVRs, further matching the technical indicators and tactics, techniques, and procedures associated with previous known Mirai botnet attacks," Flashpoint says in a blog post.

This type of attack is notable and concerning because it largely consists of unsecured IoT devices, which are growing exponentially with time. These devices are implemented in a way that they cannot easily be updated and thus are nearly impossible to secure.

Manufacturers majorly focus on performance and usability of IoT devices but ignore security measures and encryption mechanisms, which is why they are routinely being hacked and widely becoming part of DDoS botnets used as weapons in cyber attacks.

An online tracker of the Mirai botnet suggests there are more than 1.2 Million Mirai-infected devices on the Internet, with over 166,000 devices active right now.

In short, IoT botnets like Mirai are growing rapidly, and there is no easy way to stop them.

According to officials speaking to Reuters, the US Department of Homeland Security (DHS) and the FBI are both investigating the massive DDoS attacks hitting DynDNS, but neither agency has yet speculated on who might be behind them.

We already know that Internet of Things (IoT) devices are so badly insecure that hackers are adding them to their botnet networks for launching Distributed Denial of Service (DDoS) attacks against target services.

But these connected devices are not limited to conducting DDoS attacks; they have far more potential to harm you.

New research [PDF] published by the content delivery network provider Akamai Technologies shows how unknown threat actors are using a 12-year-old vulnerability in OpenSSH to secretly gain control of millions of connected devices.

The hackers then turn these devices, which researchers call the "Internet of Unpatchable Things," into proxies for malicious traffic to attack internet-based targets and 'internet-facing' services, along with the internal networks that host them.

More importantly, the SSHowDowN Proxy attack exploits a more than decade-old default configuration flaw (CVE-2004-1653) in OpenSSH that was initially discovered in 2004 and patched in early 2005. The flaw enables TCP forwarding and port bounces when a proxy is in use.

However, after analyzing IP addresses from its Cloud Security Intelligence platform, Akamai estimates that over 2 Million IoT and networking devices have been compromised by SSHowDowN type attacks.

Due to lax credential security, hackers can compromise IoT devices and then use them to mount attacks "against a multitude of Internet targets and Internet-facing services, like HTTP, SMTP and network scanning," and to mount attacks against internal networks that host these connected devices.

Once hackers access the web administration console of vulnerable devices, it is possible for them to compromise the device's data and, in some cases, fully take over the affected machine.

While the flaw itself is not so critical, the company says the continual failure of vendors to secure IoT devices, as well as their use of default and hard-coded credentials, has left the door wide open for hackers to exploit them.

"We are entering a very interesting time when it comes to DDoS and other web attacks; 'The Internet of Unpatchable Things' so to speak," said Eric Kobrin, senior director of Akamai's Threat Research team.

"New devices are being shipped from the factory not only with this vulnerability exposed but also without any effective way to fix it. We've been hearing for years that it was theoretically possible for IoT devices to attack. That, unfortunately, has now become the reality."

According to the company, at least 11 of Akamai's customers in industries such as financial services, retail, hospitality, and gaming have been targets of the SSHowDowN Proxy attack.

The company is "currently working with the most prevalent device vendors on a proposed plan of mitigation."

How to Mitigate Such Attacks?

So, if you own a connected coffee machine, thermostat or any IoT device, you can protect yourself by changing the factory default credentials of your device as soon as you activate it, as well as disabling SSH services on the device if it is not required.

More technical users can establish inbound firewall rules that prevent SSH access to and from external forces.

Meanwhile, vendors of internet-connected devices are recommended to:

Avoid shipping such products with undocumented accounts.

Force their customers to change the factory default credentials after device installation.

Restrict TCP forwarding.

Allow users to update the SSH configuration to mitigate such flaws.
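An added example (not code from Akamai or from this article) that audits an OpenSSH `sshd_config` against the "restrict TCP forwarding" recommendation above. `AllowTcpForwarding`, `GatewayPorts` and `PermitTunnel` are real sshd_config keywords; the three sample configurations are constructed, and `Include` files are not followed.

```python
import re

# Forwarding-related sshd_config keywords and the OpenSSH default that applies
# when the keyword is absent from the file.
FORWARDING_DEFAULTS = {
    "allowtcpforwarding": "yes",
    "gatewayports": "no",
    "permittunnel": "no",
}
# Keyword and value are separated by whitespace or by a single '='.
LINE_RE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$")


def parse_sshd_config(text):
    """Return (global_settings, match_blocks). Keywords are case-insensitive
    and, as in sshd, the first value read for a keyword is the one kept."""
    global_cfg, match_blocks = {}, []
    current = global_cfg
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            current = {}                      # settings until the next Match
            match_blocks.append((value, current))
        else:
            current.setdefault(key, value)    # first value wins
    return global_cfg, match_blocks


def _first_token(value):
    tokens = value.split()
    return tokens[0].lower() if tokens else ""


def audit_forwarding(text):
    """Return (scope, keyword, value, origin) for every forwarding keyword
    whose effective value is anything other than 'no'."""
    global_cfg, match_blocks = parse_sshd_config(text)
    findings = []
    for key, default in FORWARDING_DEFAULTS.items():
        if key in global_cfg:
            value, origin = _first_token(global_cfg[key]), "explicit"
        else:
            value, origin = default, "default"
        if value != "no":
            findings.append(("global", key, value, origin))
    # A Match block can switch forwarding back on for some users or hosts.
    for criteria, settings in match_blocks:
        for key in FORWARDING_DEFAULTS:
            if key in settings and _first_token(settings[key]) != "no":
                findings.append((f"Match {criteria}", key,
                                 _first_token(settings[key]), "explicit"))
    return findings


# Constructed sample configurations (not taken from any real device).
FACTORY_STYLE = """\
# forwarding keywords never mentioned, so the defaults apply
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""

HARDENED = """\
AllowTcpForwarding no
GatewayPorts no
PermitTunnel no
X11Forwarding no
"""

OVERRIDDEN = """\
allowtcpforwarding = no
# the next line is ignored by sshd because the keyword is already set
AllowTcpForwarding yes
Match User support
    AllowTcpForwarding yes
"""

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY_STYLE), ("hardened", HARDENED),
                      ("overridden", OVERRIDDEN)):
        print(name, audit_forwarding(cfg) or "forwarding restricted")
```

The factory-style file is flagged even though it never mentions forwarding, because the OpenSSH default for `AllowTcpForwarding` is `yes`.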

Since the number of IoT devices has now reached the tens of billions, it’s time to protect these devices before hackers cause a disastrous situation.

Non-profit organizations like MITRE have come forward to help protect IoT devices by challenging researchers to come up with new, non-traditional approaches for detecting rogue IoT devices on a network. The organization is also offering up to $50,000 in prize money.

If you are concerned about the insecurity of the Internet of Things, are good at programming and know how to hack smart devices, then you can grab an opportunity to earn $50,000 in prize money for discovering non-traditional ways to secure IoT devices.

The Internet of Things (IoT) market is going to expand rapidly over the next decade. We already have 6.5 billion to 8 billion IoT devices connected to the Internet worldwide, and the number is expected to reach 50 billion by 2020.

While IoT is going to improve life for many, the number of security risks due to the lack of stringent security measures and encryption mechanisms in the devices has increased exponentially.

This rise in the number of security risks would continue to widen the attack surface, giving hackers a large number of entry points to affect you in one way or another.

Recently, we saw a record-breaking DDoS attack (Distributed Denial of Service) against the France-based hosting provider OVH that reached over one Terabit per second (1 Tbps). The attack was carried out via a botnet of infected IoT devices, dubbed Mirai Malware.

So, the threat to and with IoT is Big, and we have to look for a solution right now because tomorrow it will be very late.

We already have some ways to find vulnerable IoT devices, like the Shodan and Censys search engines. While Shodan has been designed specifically to locate any devices that have been carelessly plugged into the Internet, Censys employs a more advanced approach to finding vulnerabilities in the devices by scanning the whole Internet daily.

However, other creative ways to discover vulnerable IoT devices include a Flying Drone with a tracking tool capable of sniffing out data from Internet-connected devices.

Challenge — Find Ways to Detect Vulnerable IoT Devices

Now, in an attempt to find a solution that can help network admins monitor IoT devices, non-profit research and development organization MITRE has challenged researchers to come up with new ideas for detecting rogue IoT devices on a network.

The good news: You can earn $50,000 for your idea.

Researchers who find and report a non-traditional, game-changing approach for identifying IoT devices while passively observing the network, without requiring modification to the existing protocols and manufacturing, can earn up to $50,000.

"We are looking for a unique identifier or fingerprint to enable administrators to enumerate the IoT devices while passively observing the network," reads the MITRE website.

Along with the prize money, MITRE has also promised:

Recognition and Promotion.

The opportunity to connect with government agencies looking for IoT solutions.

The chance to work with MITRE experts to better understand the government's needs.

The MITRE IoT team has created a model home network that will serve as a testbed for the Challenge. This powerful home network includes a broad range of affordable devices with diverse operating characteristics.

"We believe that the identification techniques that prove effective in a home system will translate to industrial, healthcare, military, smart city, and other IoT networks," the team writes.

This Challenge is open to individual entrepreneurs, college teams looking to showcase their talents, and small companies who want to make their mark in the IoT market.

The registration period has already started, so you can register here. The challenge will begin in early November and run for approximately six weeks, so all participants will have to demonstrate a unique, simple and affordable solution to identify rogue IoT devices within this short period.

The winner will be announced before the end of December. So, if you think you have the potential to find out a solution to this issue, then what are you waiting for? Register yourself today.

With their rapid growth, Internet of Things (IoT) devices have become a much more attractive target for cybercriminals.

Just recently we saw a record-breaking Distributed Denial of Service (DDoS) attack against the France-based hosting provider OVH that reached over one Terabit per second (1 Tbps) and was carried out via a botnet of infected IoT devices.

Now, such attacks are expected to grow more rapidly, as someone has just released the source code for an IoT botnet that was 'apparently' used to carry out the world's largest DDoS attacks.

Internet of Things-Botnet 'Mirai' Released Online

Dubbed Mirai, the malware is a DDoS Trojan that targets BusyBox systems, a collection of Unix utilities specifically designed for embedded devices like routers.

The malware is programmed to hijack connected IoT devices that are using the default usernames and passwords set by the factory before devices are first shipped to customers.

Spotted by Brian Krebs, the "Mirai" source code was released on Hackforums, a widely used hacker chat forum, on Friday.

However, there is no concrete evidence that this is the same botnet malware that was used to conduct record-breaking DDoS attacks on Krebs' or OVH hosting website.

Reportedly, the attack code has built-in scanners that look for vulnerable smart devices in homes and enroll them into a botnet that hackers and cyber criminals can then use in a DDoS attack to temporarily shut down any website.

The hacker, nicknamed "Anna-senpai," who released the Mirai source code said they have "made their money...so it's time to GTFO."

"So today, I have an amazing release for you," Anna-senpai wrote. "With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb [sic] DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping."

Even after the above explanation, I am still wondering why the malware's author chose to dump the code online over making big money.

Beware: Don't Download It Or Use at your own risk!

I apologize if you are looking for the download link. We have come across hundreds of such malware samples and their source code, but ethically we prefer not to promote them through our articles because that could indirectly help more blackhat hackers cause further damage.

What if the source code contains any backdoor?

It is not at all surprising to believe so, as we have seen several cases in past years, when hackers have taken advantage of trending or hot events (or incidents), in this case record-breaking DDoS attack, to post and distribute their backdoored malware strategically.

Now that the malware is publicly released, anyone can download and use it to infect a large number of devices worldwide to create their own IoT botnet.

And if the code contains any backdoor, it would not only compromise the user who downloads it from the hacking forum but also hijack those who are part of that user's botnet network.

Since manufacturers of IoT devices majorly focus on performance and usability and ignore security measures and encryption mechanisms, they are routinely being hacked and used as weapons in cyber attacks.

Just recently we reported about vulnerable D-Link routers that are programmed in such a way that they contain several backdoors, which allow attackers to remotely hijack and control them, as well as the network, leaving all connected devices vulnerable to cyber attacks.

So, if you own one or more IoT devices, the first thing you need to do in order to protect yourself against cyber attacks is change those default credentials.

Do you know? Your smart devices may have inadvertently participated in the record-breaking, largest cyber attack that the Internet has just witnessed.

If you own a smart device like Internet-connected televisions, cars, refrigerators or thermostats, you might already be part of a botnet of millions of infected devices that was used to launch the biggest DDoS attack known to date, with peaks of over 1 Tbps of traffic.

France-based hosting provider OVH was the victim of the record-breaking Distributed Denial of Service (DDoS) attacks that reached over one terabit per second (1 Tbps) over the past week.

As the Internet of Things (IoT) or connected devices are growing at a great pace, they continue to widen the attack surface at the same time, giving attackers a large number of entry points to affect you in one way or another.

1 Tbps DDoS Attack Hits OVH

IoTs are currently being deployed in a large variety of devices throughout your home, businesses, hospitals, and even entire cities (Smart Cities), but they are routinely being hacked and used as weapons in cyber attacks due to lack of stringent security measures and insecure encryption mechanisms.

IoT-powered DDoS attacks have now reached an unprecedented size, as it is too easy for hackers to gain control of poorly configured, or vulnerable, IoT devices.

Late last year, we reported that lazy manufacturers of the IoTs and home routers are reusing the same set of hard-coded SSH (Secure Shell) cryptographic keys, leaving millions of embedded devices, including home routers, modems, and IP cameras open to Hijacking.

And the worst part:

These insecure IoT or internet-connected devices are no longer in line for security updates, which makes it possible for hackers to hijack these connected devices today or tomorrow.